GootLoader, SocGholish malware campaigns hit law firms

Six law firms have been hit by separate GootLoader and SocGholish malware campaigns during the past two months, according to SecurityWeek. Attackers behind the GootLoader campaign targeted law firm employees through search engine optimization poisoning to facilitate espionage and data exfiltration, a report from eSentire revealed. The GootLoader malware was delivered through malicious agreement or contract templates downloaded from a phony forum page. Such a campaign indicates GootLoader's possible transition to politically motivated and cyberespionage activities, said eSentire researcher Keegan Keplinger.

Poisoned domains have also been leveraged in the SocGholish malware attacks, which have targeted law firm workers and other professionals to facilitate further reconnaissance and payload delivery. "By infecting a large number of lower traffic sites, SocGholish operators capture the occasional high-value victim website from their infections. For example, the Notary Public website was frequented by legal firms. These visitors are considered high value," said eSentire.
